Author Topic: Bypassing settings protection in CF  (Read 6873 times)

Offline Dwarden

  • Newbie
  • *
  • Posts: 19
Bypassing settings protection in CF
« on: March 03, 2007, 11:16:53 PM »
http://www.matousec.com/info/advisories/Comodo-Bypassing-settings-protection-using-magic-pipe.php

any1one aware ? any comment ? fix or fixed already ? ...

checked forums via search but nothing pops out ...
Ideas are like ocean w/o borders!

soyabeaner

  • Guest
Re: Bypassing settings protection in CF
« Reply #1 on: March 03, 2007, 11:29:23 PM »
Dwarden, you are one of the first and few to have linked Matousec's latest advisory here.  He always contacts the vendor of the tested product first before publicly releasing his bugs:
Events:
2007-03-01: Advisory released
2007-02-15: Vendor
[Comodo :)] notification

Furthermore, the chances of such an attack through this vulnerability is miniscule according to some opinions.  Though I've always wondered about these vulnerabilities.  Does one have to be infected with malware or can a hacker still remotely exploit them?  Matousec's reports indicate locally exploitable bugs only (for all firewalls he's analyzed so far).

« Last Edit: March 03, 2007, 11:36:29 PM by soyabeaner »

Offline Quwen

  • Comodo's Hero
  • *****
  • Posts: 218
Re: Bypassing settings protection in CF
« Reply #2 on: March 03, 2007, 11:38:37 PM »
Also, in our tests, the exploit takes a long time to be actually exploited, and the options are limited. Comodo will fix it for thoroughness, but if they take their time the internet won't exactly break.

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14692
    • Video Blog
Re: Bypassing settings protection in CF
« Reply #3 on: March 03, 2007, 11:45:22 PM »
we are aiming for v3 for the fixes for all these..
thanks
Melih

Offline djet

  • Comodo Family Member
  • ***
  • Posts: 62
Re: Bypassing settings protection in CF
« Reply #4 on: March 05, 2007, 08:53:58 AM »
Dwarden, you are one of the first and few to have linked Matousec's latest advisory here.  He always contacts the vendor of the tested product first before publicly releasing his bugs:
Events:
2007-03-01: Advisory released
2007-02-15: Vendor
[Comodo :)] notification

Furthermore, the chances of such an attack through this vulnerability is miniscule according to some opinions.  Though I've always wondered about these vulnerabilities.  Does one have to be infected with malware or can a hacker still remotely exploit them?  Matousec's reports indicate locally exploitable bugs only (for all firewalls he's analyzed so far).


Actually a decent Personal Firewall focuses more on locally exploitable vulnerabilities than remote one. To defend oneself from remotely exploitable bugs even Windows Firewall or ISP access-lists are more than enough. But the rest of protection lies in the local zone. Anyone could construct a trojan that is transparent to AV software and if it also could bypass PF, that would be a complete disaster.
From Russia with lags.

soyabeaner

  • Guest
Re: Bypassing settings protection in CF
« Reply #5 on: March 05, 2007, 09:19:40 AM »
I see.  So if one does not currently have malware then it's not a concern in that sense.  Malware has to get into the computer first, right?

Offline Dwarden

  • Newbie
  • *
  • Posts: 19
Re: Bypassing settings protection in CF
« Reply #6 on: March 12, 2007, 03:53:51 AM »
most of trojans/malware infections lays in local zone and not thru remote exploits

(exception can be hole in kernel or other OS components which you can for sure remember as mass worm times via remote)

by my IT experience 80% of infections on customers/partners roots from local account and from these 50% were local admin accounts ...

like someone said, with good nix fw and use of brain, u may never need PF, AV,AT,AS,AM w/e :)...
Ideas are like ocean w/o borders!

soyabeaner

  • Guest
Re: Bypassing settings protection in CF
« Reply #7 on: March 12, 2007, 05:29:15 AM »
like someone said, with good nix fw and use of brain, u may never need PF, AV,AT,AS,AM w/e :)...

In certain environments, this is true.  I'm getting closer to that level :).  However, there was one time in the past when I had to re-format my OS and within minutes of being on the net to Windows Update site, I was infected with a trojan (found out shortly after running an AV).  That was during the short moment I didn't have a firewall.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek